W32/Autorun-G is a worm for the Windows platform.
W32/Autorun-G attempts to spread to any device that is mapped to a drive letter.
When first run, W32/Autorun-G copies itself to:
<Desktop>\New Documents.exe
<Root>\sample1.exe
<Windows>\l0g0n.scr
<System>\1046\ctfmon.exe
<System>\1055\svchost.exe
The following registry entries are created to run W32/Autorun-G on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon
    <System>\1046\ctfmon.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon
    <System>\1046\ctfmon.exe

HKCU\Control Panel\desktop
    SCRNSAVE.EXE
    <Windows>\l0g0n.scr

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe, <System>\1055\svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System
    <System>\1055\svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    <System>\userinit.exe, <System>\1055\svchost.exe

Registry entries are set as follows to change the way Windows Explorer displays files:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden
    0

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    HideFileExt
    1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0
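
A triage check for the registry changes listed above, as an added example that is not part of the original description: it parses saved `reg query` output and flags the startup entries, reporting the Explorer settings only as corroboration. The sample text is constructed, and `C:\WINDOWS\system32` in it is an assumed expansion of <System>; `scan` and `parse_reg_query` are names chosen here.

```python
import re

# Startup indicators from the description: (key suffix, value names, data suffix).
# Suffix matching avoids assuming what <System> and <Windows> expand to.
PERSISTENCE = [
    (r"\currentversion\run", {"ctfmon"}, r"\1046\ctfmon.exe"),
    (r"\control panel\desktop", {"scrnsave.exe"}, r"\l0g0n.scr"),
    (r"\currentversion\winlogon", {"shell", "system", "userinit"}, r"\1055\svchost.exe"),
]
# HideFileExt=1 and ShowSuperHidden=0 are also stock Windows defaults,
# so the Explorer values are reported only alongside a persistence hit.
EXPLORER = {"hidden": "0x0", "hidefileext": "0x1", "showsuperhidden": "0x0"}
VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\1046\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe, C:\WINDOWS\system32\1055\svchost.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden    REG_DWORD    0x0
    HideFileExt    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(3).strip()

def scan(text):
    """Return persistence hits and, if any exist, matching Explorer settings."""
    hits, weak = [], []
    for key, name, data in parse_reg_query(text):
        k, n = key.lower(), name.lower()
        # Shell and Userinit hold comma-separated program lists; test each entry.
        entries = [e.strip().lower() for e in data.split(",")]
        for key_suffix, names, data_suffix in PERSISTENCE:
            if k.endswith(key_suffix) and n in names and any(
                    e.endswith(data_suffix) for e in entries):
                hits.append((key, name, data))
        if k.endswith(r"\explorer\advanced") and EXPLORER.get(n) == data.lower():
            weak.append(name)
    return {"persistence": hits, "explorer_settings": weak if hits else []}

if __name__ == "__main__":
    print(scan(SAMPLE))
```
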